Home Verkennen Help
Registreren Inloggen
MiKee
/
KeePass
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Aftakking: master
Aftakkingen Labels
KeePass
/
Sources
/
Sodium
/
crypto_secretbox
/
crypto_secretbox_easy.c

crypto_secretbox_easy.c 4.8 KB
Permalink Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 
  1. 

  2. #include <assert.h>
    3. 

  3. #include <limits.h>
    4. 

  4. #include <stdint.h>
    5. 

  5. #include <stdlib.h>
    6. 

  6. #include <string.h>
    7. 

  7. 

  8. #include "core.h"
    9. 

  9. #include "crypto_core_hsalsa20.h"
    10. 

  10. #include "crypto_onetimeauth_poly1305.h"
    11. 

  11. #include "crypto_secretbox.h"
    12. 

  12. #include "crypto_stream_salsa20.h"
    13. 

  13. #include "private/common.h"
    14. 

  14. #include "utils.h"
    15. 

  15. 

  16. int
    17. 

  17. crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
    18. 

  18.                           const unsigned char *m,
    19. 

  19.                           unsigned long long mlen, const unsigned char *n,
    20. 

  20.                           const unsigned char *k)
    21. 

  21. {
    22. 

  22.     crypto_onetimeauth_poly1305_state state;
    23. 

  23.     unsigned char                     block0[64U];
    24. 

  24.     unsigned char                     subkey[crypto_stream_salsa20_KEYBYTES];
    25. 

  25.     unsigned long long                i;
    26. 

  26.     unsigned long long                mlen0;
    27. 

  27. 

  28.     crypto_core_hsalsa20(subkey, n, k, NULL);
    29. 

  29. 

  30.     if (((uintptr_t) c > (uintptr_t) m &&
    31. 

  31.          (uintptr_t) c - (uintptr_t) m < mlen) ||
    32. 

  32.         ((uintptr_t) m > (uintptr_t) c &&
    33. 

  33.          (uintptr_t) m - (uintptr_t) c < mlen)) { /* LCOV_EXCL_LINE */
    34. 

  34.         memmove(c, m, mlen);
    35. 

  35.         m = c;
    36. 

  36.     }
    37. 

  37.     memset(block0, 0U, crypto_secretbox_ZEROBYTES);
    38. 

  38.     COMPILER_ASSERT(64U >= crypto_secretbox_ZEROBYTES);
    39. 

  39.     mlen0 = mlen;
    40. 

  40.     if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
    41. 

  41.         mlen0 = 64U - crypto_secretbox_ZEROBYTES;
    42. 

  42.     }
    43. 

  43.     for (i = 0U; i < mlen0; i++) {
    44. 

  44.         block0[i + crypto_secretbox_ZEROBYTES] = m[i];
    45. 

  45.     }
    46. 

  46.     crypto_stream_salsa20_xor(block0, block0,
    47. 

  47.                               mlen0 + crypto_secretbox_ZEROBYTES,
    48. 

  48.                               n + 16, subkey);
    49. 

  49.     COMPILER_ASSERT(crypto_secretbox_ZEROBYTES >=
    50. 

  50.                     crypto_onetimeauth_poly1305_KEYBYTES);
    51. 

  51.     crypto_onetimeauth_poly1305_init(&state, block0);
    52. 

  52. 

  53.     for (i = 0U; i < mlen0; i++) {
    54. 

  54.         c[i] = block0[crypto_secretbox_ZEROBYTES + i];
    55. 

  55.     }
    56. 

  56.     sodium_memzero(block0, sizeof block0);
    57. 

  57.     if (mlen > mlen0) {
    58. 

  58.         crypto_stream_salsa20_xor_ic(c + mlen0, m + mlen0, mlen - mlen0,
    59. 

  59.                                      n + 16, 1U, subkey);
    60. 

  60.     }
    61. 

  61.     sodium_memzero(subkey, sizeof subkey);
    62. 

  62. 

  63.     crypto_onetimeauth_poly1305_update(&state, c, mlen);
    64. 

  64.     crypto_onetimeauth_poly1305_final(&state, mac);
    65. 

  65.     sodium_memzero(&state, sizeof state);
    66. 

  66. 

  67.     return 0;
    68. 

  68. }
    69. 

  69. 

  70. int
    71. 

  71. crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
    72. 

  72.                       unsigned long long mlen, const unsigned char *n,
    73. 

  73.                       const unsigned char *k)
    74. 

  74. {
    75. 

  75.     if (mlen > crypto_secretbox_MESSAGEBYTES_MAX) {
    76. 

  76.         sodium_misuse();
    77. 

  77.     }
    78. 

  78.     return crypto_secretbox_detached(c + crypto_secretbox_MACBYTES,
    79. 

  79.                                      c, m, mlen, n, k);
    80. 

  80. }
    81. 

  81. 

  82. int
    83. 

  83. crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
    84. 

  84.                                const unsigned char *mac,
    85. 

  85.                                unsigned long long clen,
    86. 

  86.                                const unsigned char *n,
    87. 

  87.                                const unsigned char *k)
    88. 

  88. {
    89. 

  89.     unsigned char      block0[64U];
    90. 

  90.     unsigned char      subkey[crypto_stream_salsa20_KEYBYTES];
    91. 

  91.     unsigned long long i;
    92. 

  92.     unsigned long long mlen0;
    93. 

  93. 

  94.     crypto_core_hsalsa20(subkey, n, k, NULL);
    95. 

  95.     crypto_stream_salsa20(block0, crypto_stream_salsa20_KEYBYTES,
    96. 

  96.                           n + 16, subkey);
    97. 

  97.     if (crypto_onetimeauth_poly1305_verify(mac, c, clen, block0) != 0) {
    98. 

  98.         sodium_memzero(subkey, sizeof subkey);
    99. 

  99.         return -1;
    100. 

  100.     }
    101. 

  101.     if (m == NULL) {
    102. 

  102.         return 0;
    103. 

  103.     }
    104. 

  104.     if (((uintptr_t) c > (uintptr_t) m &&
    105. 

  105.          (uintptr_t) c - (uintptr_t) m < clen) ||
    106. 

  106.         ((uintptr_t) m > (uintptr_t) c &&
    107. 

  107.          (uintptr_t) m - (uintptr_t) c < clen)) { /* LCOV_EXCL_LINE */
    108. 

  108.         memmove(m, c, clen);
    109. 

  109.         c = m;
    110. 

  110.     }
    111. 

  111.     mlen0 = clen;
    112. 

  112.     if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
    113. 

  113.         mlen0 = 64U - crypto_secretbox_ZEROBYTES;
    114. 

  114.     }
    115. 

  115.     for (i = 0U; i < mlen0; i++) {
    116. 

  116.         block0[crypto_secretbox_ZEROBYTES + i] = c[i];
    117. 

  117.     }
    118. 

  118.     crypto_stream_salsa20_xor(block0, block0,
    119. 

  119.                               crypto_secretbox_ZEROBYTES + mlen0,
    120. 

  120.                               n + 16, subkey);
    121. 

  121.     for (i = 0U; i < mlen0; i++) {
    122. 

  122.         m[i] = block0[i + crypto_secretbox_ZEROBYTES];
    123. 

  123.     }
    124. 

  124.     if (clen > mlen0) {
    125. 

  125.         crypto_stream_salsa20_xor_ic(m + mlen0, c + mlen0, clen - mlen0,
    126. 

  126.                                      n + 16, 1U, subkey);
    127. 

  127.     }
    128. 

  128.     sodium_memzero(subkey, sizeof subkey);
    129. 

  129. 

  130.     return 0;
    131. 

  131. }
    132. 

  132. 

  133. int
    134. 

  134. crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
    135. 

  135.                            unsigned long long clen, const unsigned char *n,
    136. 

  136.                            const unsigned char *k)
    137. 

  137. {
    138. 

  138.     if (clen < crypto_secretbox_MACBYTES) {
    139. 

  139.         return -1;
    140. 

  140.     }
    141. 

  141.     return crypto_secretbox_open_detached(m, c + crypto_secretbox_MACBYTES, c,
    142. 

  142.                                           clen - crypto_secretbox_MACBYTES,
    143. 

  143.                                           n, k);
    144. 

  144. }
    145.